poke-gate 0.1.9 → 0.2.1

package/clients/Poke macOS Gate/Poke macOS Gate/GateService.swift

@@ -1,6 +1,9 @@
 import Foundation
 import Combine
 import ScreenCaptureKit
+import AppKit
+import CoreGraphics
+import ApplicationServices
 
 @MainActor
 class GateService: ObservableObject {
@@ -12,17 +15,128 @@ class GateService: ObservableObject {
         case error = "Error"
     }
 
+    enum PermissionMode: String, CaseIterable, Identifiable {
+        case full
+        case limited
+        case sandbox
+
+        var id: String { rawValue }
+
+        var title: String {
+            switch self {
+            case .full: return "Full System Access"
+            case .limited: return "Limited Permissions"
+            case .sandbox: return "Run in Sandbox"
+            }
+        }
+
+        var subtitle: String {
+            switch self {
+            case .full: return "All tools enabled. Risky actions require chat approval."
+            case .limited: return "Read-only tools and safe commands (ls, cat, grep, curl…). File writes and screenshots disabled."
+            case .sandbox: return "Commands like brew, node, python, ffmpeg allowed. Writes restricted to ~/Downloads and /tmp."
+            }
+        }
+    }
+
+    enum SystemPermission: String, CaseIterable, Identifiable {
+        case accessibility
+
+        var id: String { rawValue }
+
+        var title: String {
+            switch self {
+            case .accessibility: return "Accessibility"
+            }
+        }
+
+        var subtitle: String {
+            switch self {
+            case .accessibility: return "Needed for keyboard, mouse, and automation-style control."
+            }
+        }
+
+        var settingsURL: String {
+            switch self {
+            case .accessibility: return "x-apple.systempreferences:com.apple.preference.security?Privacy_Accessibility"
+            }
+        }
+
+        var systemImageName: String {
+            switch self {
+            case .accessibility: return "figure.wave"
+            }
+        }
+    }
+
+    struct SystemPermissionStatus: Identifiable, Equatable {
+        let permission: SystemPermission
+        let isGranted: Bool
+
+        var id: SystemPermission { permission }
+    }
+
+    struct TerminalPreview: Identifiable, Equatable {
+        let id: UUID
+        let timestamp: Date
+        var command: String
+        var cwd: String?
+        var exitCode: Int?
+        var durationMs: Int?
+        var timedOut: Bool
+        var sandboxMode: String?
+        var stdoutPreview: String?
+        var stderrPreview: String?
+    }
+
     @Published var status: Status = .stopped
     @Published var logs: [String] = []
+    @Published var terminalPreviews: [TerminalPreview] = []
     @Published var userName: String? = nil
+    @Published var permissionMode: PermissionMode
+    @Published var hasCompletedSetup: Bool
+    @Published var systemPermissionStatuses: [SystemPermissionStatus] = []
 
     private var hasAutoStarted = false
     private var process: Process?
     private var outputPipe: Pipe?
     private var shouldRestart = true
     private let maxLogs = 200
+    private let maxTerminalPreviews = 100
     private var restartAttempts = 0
     private var healthCheckTimer: Timer?
+    private var activeTerminalPreviewId: UUID?
+    private var permissionPollingTimer: Timer?
+
+    private var appActiveObserver: NSObjectProtocol?
+
+    init() {
+        self.permissionMode = Self.loadPermissionModeStatic()
+        self.hasCompletedSetup = Self.loadHasCompletedSetupStatic()
+        refreshSystemPermissions()
+
+        appActiveObserver = NotificationCenter.default.addObserver(
+            forName: NSApplication.didBecomeActiveNotification,
+            object: nil,
+            queue: .main
+        ) { [weak self] _ in
+            self?.refreshSystemPermissions()
+        }
+    }
+
+    deinit {
+        if let observer = appActiveObserver {
+            NotificationCenter.default.removeObserver(observer)
+        }
+    }
+
+    var hasSystemPermissionsGranted: Bool {
+        !systemPermissionStatuses.isEmpty && systemPermissionStatuses.allSatisfy { $0.isGranted }
+    }
+
+    var missingSystemPermissions: [SystemPermission] {
+        systemPermissionStatuses.filter { !$0.isGranted }.map { $0.permission }
+    }
 
     var apiKey: String {
         get { loadAPIKey() ?? "" }
@@ -44,6 +158,83 @@ class GateService: ObservableObject {
         appendLog("Launched poke login (npx: \(npxBin)) — check your browser.")
     }
 
+    func setPermissionMode(_ mode: PermissionMode) {
+        guard permissionMode != mode else { return }
+        permissionMode = mode
+        savePermissionMode(mode)
+        appendLog("Access mode changed to: \(mode.title)")
+
+        if process?.isRunning == true {
+            appendLog("Restarting gate to apply access mode.")
+            restart()
+        }
+    }
+
+    func completeFirstRunSetup(selectedMode: PermissionMode, requestPermissions: Bool) {
+        setPermissionMode(selectedMode)
+        if requestPermissions {
+            requestSystemPermissions()
+        }
+        hasCompletedSetup = true
+        saveHasCompletedSetup(true)
+        appendLog("Initial setup complete.")
+    }
+
+    func requestSystemPermissions() {
+        openMissingSystemPermissions()
+    }
+
+    func openMissingSystemPermissions() {
+        refreshSystemPermissions()
+
+        guard !missingSystemPermissions.isEmpty else {
+            appendLog("All required macOS permissions are already granted.")
+            return
+        }
+
+        let requested = missingSystemPermissions.map { $0.title }.joined(separator: ", ")
+        appendLog("Requesting macOS permissions: \(requested).")
+
+        for permission in missingSystemPermissions {
+            openSystemPermission(permission)
+        }
+    }
+
+    func refreshSystemPermissions() {
+        let previous = systemPermissionStatuses
+        systemPermissionStatuses = SystemPermission.allCases.map { permission in
+            SystemPermissionStatus(permission: permission, isGranted: isPermissionGranted(permission))
+        }
+        for status in systemPermissionStatuses {
+            let was = previous.first(where: { $0.permission == status.permission })
+            if was == nil || was?.isGranted != status.isGranted {
+                appendLog("\(status.permission.title): \(status.isGranted ? "granted" : "not granted")")
+            }
+        }
+    }
+
+    func startPermissionPolling() {
+        stopPermissionPolling()
+        permissionPollingTimer = Timer.scheduledTimer(withTimeInterval: 1.0, repeats: true) { [weak self] _ in
+            Task { @MainActor [weak self] in
+                self?.refreshSystemPermissions()
+            }
+        }
+    }
+
+    func stopPermissionPolling() {
+        permissionPollingTimer?.invalidate()
+        permissionPollingTimer = nil
+    }
+
+    func openSystemPermission(_ permission: SystemPermission) {
+        switch permission {
+        case .accessibility:
+            let options = [kAXTrustedCheckOptionPrompt.takeUnretainedValue(): true] as CFDictionary
+            _ = AXIsProcessTrustedWithOptions(options)
+        }
+    }
+
     func captureAndSend() {
         appendLog("Screenshot requested via deeplink.")
 
@@ -77,8 +268,6 @@ class GateService: ObservableObject {
                 try pngData.write(to: tempURL)
                 appendLog("Screenshot saved to \(tempPath) (\(pngData.count) bytes)")
 
-                let base64 = pngData.base64EncodedString()
-
                 guard let token = loadPokeLoginToken() else {
                     appendLog("Cannot send screenshot: not signed in to Poke.")
                     return
@@ -158,6 +347,10 @@ class GateService: ObservableObject {
         }
     }
 
+    func clearLogs() {
+        logs = []
+    }
+
     func shellPath() -> String {
         let home = NSHomeDirectory()
         let fallback = "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/homebrew/bin"
@@ -241,6 +434,7 @@ class GateService: ObservableObject {
 
         status = .starting
         appendLog("Starting poke-gate…")
+        appendLog("Access mode: \(permissionMode.title)")
 
         let fullPath = shellPath()
         let npxBin = findNpx()
@@ -255,6 +449,7 @@ class GateService: ObservableObject {
         proc.environment = ProcessInfo.processInfo.environment.merging(
             [
                 "PATH": fullPath,
+                "POKE_GATE_PERMISSION_MODE": permissionMode.rawValue,
             ],
             uniquingKeysWith: { _, new in new }
         )
@@ -299,6 +494,7 @@ class GateService: ObservableObject {
     private func handleOutput(_ raw: String) {
         for line in raw.components(separatedBy: .newlines) where !line.isEmpty {
             appendLog(line)
+            parseTerminalPreviewLine(line)
 
             if line.contains("Tunnel connected") || line.contains("Ready") {
                 status = .connected
@@ -361,6 +557,54 @@ class GateService: ObservableObject {
 
     // MARK: - Config
 
+    private static func loadPermissionModeStatic() -> PermissionMode {
+        let configDir: URL
+        if let xdg = ProcessInfo.processInfo.environment["XDG_CONFIG_HOME"] {
+            configDir = URL(fileURLWithPath: xdg)
+        } else {
+            configDir = FileManager.default.homeDirectoryForCurrentUser
+                .appendingPathComponent(".config")
+        }
+
+        let configURL = configDir
+            .appendingPathComponent("poke-gate")
+            .appendingPathComponent("config.json")
+
+        guard let data = try? Data(contentsOf: configURL),
+              let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+              let value = json["permissionMode"] as? String,
+              let mode = PermissionMode(rawValue: value) else {
+            return .full
+        }
+
+        return mode
+    }
+
+    private static func loadHasCompletedSetupStatic() -> Bool {
+        let configDir: URL
+        if let xdg = ProcessInfo.processInfo.environment["XDG_CONFIG_HOME"] {
+            configDir = URL(fileURLWithPath: xdg)
+        } else {
+            configDir = FileManager.default.homeDirectoryForCurrentUser
+                .appendingPathComponent(".config")
+        }
+
+        let configURL = configDir
+            .appendingPathComponent("poke-gate")
+            .appendingPathComponent("config.json")
+
+        guard let data = try? Data(contentsOf: configURL),
+              let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+            return false
+        }
+
+        if let value = json["setupCompleted"] as? Bool {
+            return value
+        }
+
+        return false
+    }
+
     private var configURL: URL {
         let configDir: URL
         if let xdg = ProcessInfo.processInfo.environment["XDG_CONFIG_HOME"] {
@@ -374,25 +618,157 @@ class GateService: ObservableObject {
             .appendingPathComponent("config.json")
     }
 
-    private func loadAPIKey() -> String? {
+    private func readConfig() -> [String: Any] {
         guard let data = try? Data(contentsOf: configURL),
-              let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
-              let key = json["apiKey"] as? String else {
-            return nil
+              let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any] else {
+            return [:]
         }
-        return key
+        return json
     }
 
-    private func saveAPIKey(_ key: String) {
+    private func writeConfig(_ json: [String: Any]) {
         let dir = configURL.deletingLastPathComponent()
         try? FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
-        let json: [String: Any] = ["apiKey": key]
         if let data = try? JSONSerialization.data(withJSONObject: json, options: [.prettyPrinted]) {
             try? data.write(to: configURL)
         }
         objectWillChange.send()
     }
 
+    private func loadAPIKey() -> String? {
+        readConfig()["apiKey"] as? String
+    }
+
+    private func saveAPIKey(_ key: String) {
+        var json = readConfig()
+        json["apiKey"] = key
+        writeConfig(json)
+    }
+
+    private func savePermissionMode(_ mode: PermissionMode) {
+        var json = readConfig()
+        json["permissionMode"] = mode.rawValue
+        writeConfig(json)
+    }
+
+    private func saveHasCompletedSetup(_ value: Bool) {
+        var json = readConfig()
+        json["setupCompleted"] = value
+        writeConfig(json)
+    }
+
+    private func isPermissionGranted(_ permission: SystemPermission) -> Bool {
+        switch permission {
+        case .accessibility:
+            if AXIsProcessTrusted() { return true }
+            // AXIsProcessTrusted() can return false despite the toggle being ON
+            // in System Settings when the TCC entry's code signature doesn't match
+            // the running binary (ad-hoc signing, rebuild from Xcode, etc.).
+            // Probe the API directly as a fallback.
+            let systemWide = AXUIElementCreateSystemWide()
+            var value: AnyObject?
+            let result = AXUIElementCopyAttributeValue(
+                systemWide,
+                kAXFocusedApplicationAttribute as CFString,
+                &value
+            )
+            return result == .success || result == .noValue || result == .attributeUnsupported
+        }
+    }
+
+    private func parseTerminalPreviewLine(_ line: String) {
+        let body = stripToolTimestamp(from: line)
+
+        if body == "terminal preview:" {
+            activeTerminalPreviewId = nil
+            return
+        }
+
+        if body.hasPrefix("$ ") {
+            let (command, cwd) = parseCommandAndCwd(body)
+            let preview = TerminalPreview(
+                id: UUID(),
+                timestamp: Date(),
+                command: command,
+                cwd: cwd,
+                exitCode: nil,
+                durationMs: nil,
+                timedOut: false,
+                sandboxMode: nil,
+                stdoutPreview: nil,
+                stderrPreview: nil
+            )
+            terminalPreviews.append(preview)
+            if terminalPreviews.count > maxTerminalPreviews {
+                terminalPreviews.removeFirst(terminalPreviews.count - maxTerminalPreviews)
+            }
+            activeTerminalPreviewId = preview.id
+            return
+        }
+
+        guard let id = activeTerminalPreviewId,
+              let index = terminalPreviews.firstIndex(where: { $0.id == id }) else {
+            return
+        }
+
+        if body.hasPrefix("process: ") {
+            var updated = terminalPreviews[index]
+            updated.exitCode = parseInt(body, key: "exit=")
+            updated.durationMs = parseInt(body, key: "duration=")
+            updated.timedOut = body.contains(" timeout")
+            if body.contains("sandbox=os") {
+                updated.sandboxMode = "os"
+            } else if body.contains("sandbox=none") {
+                updated.sandboxMode = "none"
+            }
+            terminalPreviews[index] = updated
+            return
+        }
+
+        if body.hasPrefix("stdout: ") {
+            var updated = terminalPreviews[index]
+            updated.stdoutPreview = String(body.dropFirst("stdout: ".count))
+            terminalPreviews[index] = updated
+            return
+        }
+
+        if body.hasPrefix("stderr: ") {
+            var updated = terminalPreviews[index]
+            updated.stderrPreview = String(body.dropFirst("stderr: ".count))
+            terminalPreviews[index] = updated
+        }
+    }
+
+    private func stripToolTimestamp(from line: String) -> String {
+        let trimmed = line.trimmingCharacters(in: .whitespaces)
+        guard trimmed.hasPrefix("["), let end = trimmed.firstIndex(of: "]") else {
+            return trimmed
+        }
+        let after = trimmed.index(after: end)
+        return String(trimmed[after...]).trimmingCharacters(in: .whitespaces)
+    }
+
+    private func parseCommandAndCwd(_ body: String) -> (String, String?) {
+        let text = String(body.dropFirst(2))
+        let marker = " (in "
+        guard let range = text.range(of: marker), text.hasSuffix(")") else {
+            return (text, nil)
+        }
+
+        let command = String(text[..<range.lowerBound])
+        let cwdStart = range.upperBound
+        let cwdEnd = text.index(before: text.endIndex)
+        let cwd = String(text[cwdStart..<cwdEnd])
+        return (command, cwd)
+    }
+
+    private func parseInt(_ text: String, key: String) -> Int? {
+        guard let range = text.range(of: key) else { return nil }
+        let suffix = text[range.upperBound...]
+        let digits = suffix.prefix { $0.isNumber }
+        return Int(digits)
+    }
+
     // MARK: - Poke Login Credentials
 
     private var pokeCredentialsURL: URL {
@@ -423,9 +799,8 @@ class GateService: ObservableObject {
 
     var authSource: AuthSource {
         get {
-            let config = (try? Data(contentsOf: configURL))
-                .flatMap { try? JSONSerialization.jsonObject(with: $0) as? [String: Any] }
-            if let source = config?["authSource"] as? String, source == "pokeLogin" {
+            let config = readConfig()
+            if let source = config["authSource"] as? String, source == "pokeLogin" {
                 return .pokeLogin
             }
             if loadAPIKey() != nil {
@@ -437,18 +812,9 @@ class GateService: ObservableObject {
             return .none
         }
         set {
-            let dir = configURL.deletingLastPathComponent()
-            try? FileManager.default.createDirectory(at: dir, withIntermediateDirectories: true)
-            var json: [String: Any] = [:]
-            if let data = try? Data(contentsOf: configURL),
-               let existing = try? JSONSerialization.jsonObject(with: data) as? [String: Any] {
-                json = existing
-            }
+            var json = readConfig()
             json["authSource"] = newValue == .pokeLogin ? "pokeLogin" : "apiKey"
-            if let data = try? JSONSerialization.data(withJSONObject: json, options: [.prettyPrinted]) {
-                try? data.write(to: configURL)
-            }
-            objectWillChange.send()
+            writeConfig(json)
         }
     }
 

package/clients/Poke macOS Gate/Poke macOS Gate/Info.plist

@@ -2,6 +2,8 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+	<key>CFBundleIdentifier</key>
+	<string>dev.fka.Poke-macOS-Gate</string>
 	<key>LSUIElement</key>
 	<true/>
 	<key>CFBundleURLTypes</key>

package/clients/Poke macOS Gate/Poke macOS Gate/LogsView.swift

@@ -25,7 +25,7 @@ struct LogsView: View {
                 .help("Copy all logs")
 
                 Button {
-                    service.logs.removeAll()
+                    service.clearLogs()
                 } label: {
                     Image(systemName: "trash")
                         .font(.caption)

package/clients/Poke macOS Gate/Poke macOS Gate/MacVisualStyle.swift

@@ -0,0 +1,89 @@
+import SwiftUI
+
+enum MacPanelTone {
+    case neutral
+    case selected
+    case success
+    case warning
+}
+
+fileprivate struct MacPanelColors {
+    let fill: Color
+    let stroke: Color
+}
+
+enum MacVisualStyle {
+    static var usesNativeFirstChrome: Bool {
+        if #available(macOS 26, *) {
+            return true
+        }
+
+        return false
+    }
+
+    static var sectionTitleColor: Color {
+        Color.secondary.opacity(usesNativeFirstChrome ? 0.9 : 0.7)
+    }
+
+    static var progressTrackColor: Color {
+        Color.secondary.opacity(usesNativeFirstChrome ? 0.16 : 0.22)
+    }
+
+    static var chipActiveFill: Color {
+        usesNativeFirstChrome ? Color.accentColor.opacity(0.9) : Color.accentColor
+    }
+
+    static var chipInactiveFill: Color {
+        Color.secondary.opacity(usesNativeFirstChrome ? 0.1 : 0.14)
+    }
+
+    fileprivate static func panelColors(for tone: MacPanelTone) -> MacPanelColors {
+        switch tone {
+        case .neutral:
+            return MacPanelColors(
+                fill: Color.primary.opacity(usesNativeFirstChrome ? 0.02 : 0.05),
+                stroke: Color.primary.opacity(usesNativeFirstChrome ? 0.05 : 0.08)
+            )
+        case .selected:
+            return MacPanelColors(
+                fill: Color.accentColor.opacity(usesNativeFirstChrome ? 0.08 : 0.12),
+                stroke: Color.accentColor.opacity(usesNativeFirstChrome ? 0.2 : 0.35)
+            )
+        case .success:
+            return MacPanelColors(
+                fill: Color.green.opacity(usesNativeFirstChrome ? 0.05 : 0.06),
+                stroke: Color.green.opacity(usesNativeFirstChrome ? 0.18 : 0.3)
+            )
+        case .warning:
+            return MacPanelColors(
+                fill: Color.orange.opacity(usesNativeFirstChrome ? 0.05 : 0.06),
+                stroke: Color.orange.opacity(usesNativeFirstChrome ? 0.18 : 0.28)
+            )
+        }
+    }
+}
+
+private struct MacPanelModifier: ViewModifier {
+    let tone: MacPanelTone
+    let cornerRadius: CGFloat
+
+    func body(content: Content) -> some View {
+        let colors = MacVisualStyle.panelColors(for: tone)
+
+        content
+            .background(
+                RoundedRectangle(cornerRadius: cornerRadius, style: .continuous)
+                    .fill(colors.fill)
+            )
+            .overlay(
+                RoundedRectangle(cornerRadius: cornerRadius, style: .continuous)
+                    .stroke(colors.stroke, lineWidth: 1)
+            )
+    }
+}
+
+extension View {
+    func macPanelStyle(_ tone: MacPanelTone, cornerRadius: CGFloat = 10) -> some View {
+        modifier(MacPanelModifier(tone: tone, cornerRadius: cornerRadius))
+    }
+}

package/clients/Poke macOS Gate/Poke macOS Gate/PermissionRowView.swift

@@ -0,0 +1,55 @@
+import SwiftUI
+
+struct PermissionRowView: View {
+    let permission: GateService.SystemPermission
+    let isGranted: Bool
+    let onGrant: () -> Void
+
+    var body: some View {
+        HStack(alignment: .top, spacing: 12) {
+            iconView
+
+            VStack(alignment: .leading, spacing: 3) {
+                Text(permission.title)
+                    .font(.subheadline)
+                    .fontWeight(.medium)
+                Text(permission.subtitle)
+                    .font(.caption)
+                    .foregroundStyle(.secondary)
+            }
+
+            Spacer()
+
+            statusView
+        }
+        .padding(12)
+        .macPanelStyle(isGranted ? .success : .neutral)
+        .animation(.easeInOut(duration: 0.2), value: isGranted)
+    }
+
+    private var iconView: some View {
+        Image(systemName: permission.systemImageName)
+            .font(.system(size: 18))
+            .foregroundStyle(isGranted ? .green : .orange)
+            .frame(width: 28)
+    }
+
+    @ViewBuilder
+    private var statusView: some View {
+        if isGranted {
+            HStack(spacing: 4) {
+                Image(systemName: "checkmark.circle.fill")
+                    .font(.caption)
+                    .foregroundStyle(.green)
+                Text("Granted")
+                    .font(.caption)
+                    .foregroundStyle(.green)
+            }
+        } else {
+            Button("Grant Access", action: onGrant)
+                .font(.caption)
+                .buttonStyle(.bordered)
+                .controlSize(.small)
+        }
+    }
+}